Project

General

Profile

Forums » Help »

production.log contains proxy ip instead real ip

Added by Sven Kilchenmann almost 10 years ago

Apache with passenger-install-apache2-module only logs proxy ip

I've set up a Redmine instance with Apache using passenger-install-apache2-module to serve the page.
So far everything works fine. Since we do not have a dmz we installed a reverse proxy (ngnix) which handles the requests of a subdomain to be routed to the Apache instance.

But now the production.log of Redmine always show the public ip of the reverse proxy instead of the real ip.

schween@aff:/usr/share/redmine$ RAILS_ENV=production script/about 

sh: 1: svn: not found
sh: 1: darcs: not found
sh: 1: hg: not found
sh: 1: cvs: not found
sh: 1: bzr: not found
Environment:
  Redmine version                2.6.1.stable
  Ruby version                   2.1.5-p273 (2014-11-13) [x86_64-linux]
  Rails version                  3.2.21
  Environment                    production
  Database adapter               Mysql2
SCM:
  Git                            1.9.1
  Filesystem                     
Redmine plugins:
  clipboard_image_paste          1.9
  redmine_questions              0.0.5
  redmine_vote                   1.2.1
  redmine_wiki_extensions        0.6.5

Anybody knows how to solve this issue - fast search with google didn't solve my issue.
Thanks for the fish
sCHween


Replies (6)

RE: production.log contains proxy ip instead real ip - Added by Jan Niggemann (redmine.org team member) almost 10 years ago

we installed a reverse proxy (ngnix) [...]
But now the production.log of Redmine always show the public ip of the reverse proxy instead of the real ip.

Perhaps I don't understand your question, but what else should be logged than the IP of the reverse proxy?

RE: production.log contains proxy ip instead real ip - Added by Sven Kilchenmann almost 10 years ago

I guess the only thing I'm interested in is the real ip instead the proxy ip.
If I got the real ip I can build up some additional things like fail2ban and so on..

RE: production.log contains proxy ip instead real ip - Added by Jan Niggemann (redmine.org team member) almost 10 years ago

If possible at all, this is out of the scope of redmine. Please ask in a forum dedicated to the reverse proxy you're using.

IMHO you're trying to do something that's conceptually not reasonable - intrusion prevention needs to take place on your reverse proxy or even further up...

RE: production.log contains proxy ip instead real ip - Added by Pavel Potcheptsov almost 10 years ago

Hi, this block of rules in my nginx conf for redmine gives real IPs of local (LAN) and external (Internet) users in production.log

              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $remote_addr;
              proxy_set_header CLIENT_IP $remote_addr;

RE: production.log contains proxy ip instead real ip - Added by Jan Niggemann (redmine.org team member) almost 10 years ago

Cool, next time I'll try nginx instead of pound to get to know it some more.
Nevertheless, you should do any filtering / IPS / whatever further up the line (i.e. on the proxy)...

    (1-6/6)